Re: [Isis-wg] Genart last call review of draft-ietf-isis-auto-conf-04

Robert Sparks <rjsparks@nostrum.com> Fri, 07 April 2017 21:18 UTC

To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, "gen-art@ietf.org" <gen-art@ietf.org>
References: <149159669211.11107.3275242226580240988@ietfa.amsl.com> <814d03ced1c64f18b20d23c65e7cdf04@XCH-ALN-001.cisco.com>
Cc: "draft-ietf-isis-auto-conf.all@ietf.org" <draft-ietf-isis-auto-conf.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "isis-wg@ietf.org" <isis-wg@ietf.org>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <8469f915-7e13-dead-7a4e-ab36506948da@nostrum.com>
Date: Fri, 7 Apr 2017 16:17:59 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/isis-wg/yel-1DQVlAJxvfBBqenb04v83js>
Subject: Re: [Isis-wg] Genart last call review of draft-ietf-isis-auto-conf-04


On 4/7/17 3:55 PM, Les Ginsberg (ginsberg) wrote:
> Robert -
>
> Thanx for the review.
> Reply inline.
>
>> -----Original Message-----
>> From: Robert Sparks [mailto:rjsparks@nostrum.com]
>> Sent: Friday, April 07, 2017 1:25 PM
>> To: gen-art@ietf.org
>> Cc: draft-ietf-isis-auto-conf.all@ietf.org; ietf@ietf.org; isis-wg@ietf.org
>> Subject: Genart last call review of draft-ietf-isis-auto-conf-04
>>
>> Reviewer: Robert Sparks
>> Review result: Ready with Issues
>>
>> I am the assigned Gen-ART reviewer for this draft. The General Area Review
>> Team (Gen-ART) reviews all IETF documents being processed by the IESG for
>> the IETF Chair.  Please treat these comments just like any other last call
>> comments.
>>
>> For more information, please see the FAQ at
>>
>> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-isis-auto-conf-04
>> Reviewer: Robert Sparks
>> Review Date: 2017-04-07
>> IETF LC End Date: 2017-04-10
>> IESG Telechat date: 2017-04-13
>>
>> Summary: Ready for publication as Proposed Standard, but with one possible
>> thing to add to the security consideration section
>>
>> This document is clear and seems straightforward to implement.
>>
>> I think, however, there is an attack possibility you should call out in the
>> security considerations section. As home routers are used as examples of
>> elements that might use this protocol, consider the case of a malicious party
>> wanting to deny service in that home.
>> A suborned device in the home could watch for the protocol, and present a
>> crafted packet to force the home router(s) to re-start the autoconfiguration
>> protocol continually (by claiming to be a duplicate and being careful to make
>> it the router's job to restart).
>> Having the md5 password configured would mitigate this attack.
> [Les:] The draft says two things which are relevant:
>
> 3.5.1.  Authentication TLV
>
>     It is RECOMMENDED that IS-IS routers supporting this specification
>     offer an option to explicitly configure a single password for HMAC-
>     MD5 authentication as specified in [RFC5304].
>
> 4.  Security Considerations
>
>     In general, the use of authentication is incompatible with auto-
>     configuration as it requires some manual configuration.
>
> It seems to me that these sections adequately cover your point.
> ???
They provide the mitigation. They do not call out the risk.

The current security considerations section says for wired networks,
plugging into the wire is protection enough, and you don't need to use
the authentication TLV.  I don't think that's true given the possibility
of this attack. I suggest discussing the attack in the security
considerations section and pointing to using the Authentication TLV with
its onerous bit of manual configuration as the mitigation.

>
>      Les
>
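As an added example that is not part of this thread or of the draft, the check below shows why a configured HMAC-MD5 key closes the gap Robert describes: a router that verifies the RFC 5304 Authentication TLV discards any PDU whose authentication value does not match the key, and any PDU that carries no HMAC-MD5 TLV at all, so an unauthenticated "duplicate" claim never reaches the restart logic. The PDU header and TLV bytes are constructed stand-ins (this is not a full IS-IS encoder), and the LSP-specific zeroing of checksum and remaining lifetime is left out.

```python
"""Verifying an IS-IS Authentication TLV carrying HMAC-MD5 (RFC 5304).

Constructed example: the header and TLV bytes passed in are simplified
stand-ins for an IS-IS PDU (fixed header followed by TLVs).
"""
import hashlib
import hmac

AUTH_TLV_TYPE = 10        # Authentication TLV code (RFC 5304)
AUTH_TYPE_HMAC_MD5 = 54   # authentication type octet for HMAC-MD5
DIGEST_LEN = 16           # HMAC-MD5 authentication value length


def _tlvs(body: bytes):
    """Yield (offset, type, value) for each TLV in a type/length/value body."""
    i = 0
    while i + 2 <= len(body):
        t, length = body[i], body[i + 1]
        yield i, t, body[i + 2:i + 2 + length]
        i += 2 + length


def _zeroed(pdu: bytes, header_len: int):
    """Return (pdu with the HMAC-MD5 auth value zeroed, offset of that value)."""
    for off, t, v in _tlvs(pdu[header_len:]):
        if t == AUTH_TLV_TYPE and v[:1] == bytes([AUTH_TYPE_HMAC_MD5]) \
                and len(v) == 1 + DIGEST_LEN:
            start = header_len + off + 3   # skip type, length, auth-type octets
            return pdu[:start] + b"\0" * DIGEST_LEN + pdu[start + DIGEST_LEN:], start
    return None, None


def sign_pdu(header: bytes, tlvs: bytes, key: bytes) -> bytes:
    """Append an Authentication TLV whose HMAC-MD5 covers the whole PDU.

    Per RFC 5304 the digest is computed with the 16-octet value field zeroed.
    """
    placeholder = bytes([AUTH_TLV_TYPE, 1 + DIGEST_LEN, AUTH_TYPE_HMAC_MD5])
    pdu = header + tlvs + placeholder + b"\0" * DIGEST_LEN
    digest = hmac.new(key, pdu, hashlib.md5).digest()
    return pdu[:-DIGEST_LEN] + digest


def verify_pdu(pdu: bytes, header_len: int, key: bytes) -> bool:
    """Accept the PDU only if its HMAC-MD5 Authentication TLV matches the key."""
    zeroed, start = _zeroed(pdu, header_len)
    if zeroed is None:
        return False   # key configured but no HMAC-MD5 TLV present: drop it
    expected = hmac.new(key, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, pdu[start:start + DIGEST_LEN])
```

With a key configured on the home routers, the crafted PDU from a suborned device fails `verify_pdu` unless the attacker also holds the key, which is exactly the mitigation the thread points to.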